Lately, there has been an alarming increase in the frequency and sophistication of cyberattacks, most notably spear phishing (targeted phishing campaigns from a spoofed or trusted source). The increased effort and sophistication of this type of attack is a disturbing trend. However, there are always plenty of red flags and easy-to-spot signatures that a well-trained, informed, and vigilant staff can identify.
Let’s take a closer look at these and other types of common attacks:
Social Engineering – Social engineering is the practice of tricking users into giving a malicious entity access to data. The most common form of social engineering is phishing, the use of cleverly crafted emails to trick users into providing credentials to an attacker. There's a common belief that all phishing emails are easy to spot due to poor grammar or obvious errors (the classic "Hey [insert user here]" comes to mind). Recently, however, phishing attacks have become more complex. So to stay safe, there are a few things your staff can always look for.
- Always check the domain name. The email may look perfect, but if it's from an untrusted source, don’t open it.
- Never provide your credentials in an email. Your company will never ask you to verify your credentials, and if a service you subscribe to does, do it directly on their website.
- Don’t open attachments. Have staff send links to common folder locations rather than attaching files. This also helps with versioning and consistency.
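The domain check in the first item can also be run automatically over message headers. The following is an added example, not part of the original article; the trusted-domain list, function names, and sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organization maintains its own list of trusted sender domains.
TRUSTED_DOMAINS = ("example.com", "payroll-vendor.example")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".")

def check_sender(raw_message):
    """Return a list of red flags found in the From/Reply-To headers."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg["From"] or "")
    from_domain = domain_of(msg["From"])
    if not from_domain:
        return ["no parseable From address"]
    flags = []
    if from_domain not in TRUSTED_DOMAINS:
        flags.append(f"untrusted sender domain: {from_domain}")
        for trusted in TRUSTED_DOMAINS:
            if edit_distance(from_domain, trusted) <= 2:
                flags.append(f"lookalike of trusted domain {trusted}")
    # A display name can show a trusted domain while the real address differs.
    for trusted in TRUSTED_DOMAINS:
        if trusted in display_name.lower() and from_domain != trusted:
            flags.append(f"display name mentions {trusted} but address does not")
    reply_domain = domain_of(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        flags.append(f"Reply-To domain differs: {reply_domain}")
    return flags

# Constructed sample message (not real mail): 'examp1e.com' uses the digit 1.
SAMPLE = (
    'From: "example.com IT Support" <helpdesk@examp1e.com>\n'
    "Reply-To: it-desk@mailbox.invalid\n"
    "Subject: Password verification required\n\nPlease confirm your credentials.\n"
)
if __name__ == "__main__":
    print("\n".join(check_sender(SAMPLE)))
```

A message with no flags is not proof of legitimacy; the check only catches mismatches visible in the headers.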
There are other forms of social engineering to be aware of, such as:
- Baiting – Baiting involves getting past your defenses by making you feel you are in control of the interaction. Because you initiate the contact yourself, you feel safe. Baiting often leads to downloading malware that allows the hacker to advance into your system.
- Vishing – Vishing is the old-fashioned, grassroots form of social engineering. It’s the use of a phone to bait people into giving away confidential data such as credit card or social security numbers. Don’t be fooled by the old-school idea though. Vishing has come a long way. Scammers can perfectly copy a company’s online response system and lure users into a false sense of security.
- Pretexting – Pretexting involves someone impersonating someone who would normally be granted access or privilege. The attacker may pose as a customer, an authority figure in your company, or a maintenance person. For example, someone claiming to be from your IT department contacts you via phone or email asking you to install a patch via a link, or asks for your username and password to install the patch on your PC.
Why is social engineering so dangerous? It’s a common way of delivering terrible pieces of malware such as ransomware. Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim, promising to restore access to the data upon payment. When a ransomware attack occurs, employees may feel the only option is to pay the ransom so they can retrieve their files. It’s an unfortunate situation that many are faced with, and the process of getting operations back to normal can be overwhelming.
Here are a few things you should do if you become the victim of a ransomware attack:
- Contact law enforcement officials immediately. Government officials are focusing more efforts on cybersecurity, which is a top concern across the country. By contacting the police and FBI in a timely manner, you are helping them spot trends and make potential connections between attacks.
- Restore from your last secure offsite backup. Do you perform backups on a regular basis? In addition to having a backup on site, it’s a good idea to have a cloud-based, offsite backup of your data as well. This is one way to recover some of the data you may have lost in the attack as it was likely not compromised.
- Determine how the attack occurred. Once you have retrieved your files and can return to operations, it’s time to determine how the attack occurred and take appropriate action to minimize the chance it will happen again. Ensure your operating systems and applications are updated and patched. Test your backups. Formulate and test your Disaster Recovery plan. Tighten your security policies and controls in your environment.
It is important to understand that breaches and attacks are inevitable; criminals are always finding new ways to break in. If you don’t feel like your organization is where it needs to be from a security standpoint, then it’s time for a serious conversation. The Logically team and your Account Manager are available to answer any questions you may have.